Gentoo Linux Security Advisory GLSA 200712-06 - Adriano Lima and Ramon de Carvalho Valle reported that functions isc_attach_database() and isc_create_database() do not perform proper boundary checking when processing their input. Versions less than 2.0.3.12981.0-r2 are affected.
0b7ea8ad84bc0e75542d3d2139e32ea8135717813156e44fb1ab75918a59caa1A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Firebird SQL server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the database service fbserver.exe, which binds to TCP port 3050. When processing an overly long request, a stack buffer can be overflowed through a vulnerable call to sprintf() within the function process_packet(). If properly exploited, remote control of the affected system can be attained with SYSTEM credentials.
eb7e74a789975155ed378a43a35f407b6b817ac69a9b3d170f716707de4cd694
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed